[PATCH] fixup! audit: try harder to send to auditd upon netlink failure
Paul Moore
pmoore at redhat.com
Fri Sep 18 20:33:59 UTC 2015
On Friday, September 18, 2015 03:52:43 AM Richard Guy Briggs wrote:
> A bug was introduced by "audit: try harder to send to auditd upon
> netlink failure", caused by incomplete code and a function that expects
> a string and does not accept a format plus arguments. Create a
> temporary string variable to assemble the output text. It could be
> merged as a fixup if it is not yet upstream.
Ungh, that's embarrassing; I really should have caught that in review. Sigh.
At least it shouldn't cause anything to blow up, just a less than helpful
message.
I pulled the original patch from linux-audit#next just now, I'll re-add it
once we sort this out.
Comments below ...
> Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
> ---
> kernel/audit.c | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 18cdfe2..60913e6 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -420,7 +420,10 @@ restart:
> if (audit_pid) {
> if (err == -ECONNREFUSED || err == -EPERM
>
> || ++attempts >= AUDITD_RETRIES) {
>
> - audit_log_lost("audit_pid=%d reset");
> + char s[32];
> +
> + sprintf(s, "audit_pid=%d reset", audit_pid);
> + audit_log_lost(s);
Granted 32 bytes should be big enough for the string, but I would feel better
if we used snprintf() here; make the change and I'll merge the patch with the
original and push it back to linux-audit#next.
Normally I'm not a big fan of amending patches after they have been committed,
but in this case it is in the next branch (doing this for upstream or stable-X
is a big "no") and nothing sits on top of it.
> audit_pid = 0;
> audit_sock = NULL;
> } else {
--
paul moore
security @ redhat
More information about the Linux-audit
mailing list